Archive for ‘Misc’

19/05/2016

117 مليون كلمة مرور لموقع لينكد إن معروضة للبيع 

ينوي قرصان الانترنت الذي قام بسرقة ملايين عناوين البريد الالكتروني وكلمات المرور التابعة لمستخدمي موقع لينكد إن في العام 2012، ببيعها الآن والتي يصل عددها إلى 117 مليون بريد إلكتروني وكلمة مرور.

يتذكر مستخدمي الموقع جيداً حادثة التهكير التي تعرض لها الموقع في العام 2012، والتي سرب من خلال ما وصل إلى 65 مليون كلمة مرور على شبكة الانترنت، بالإضافة إلى سرقة بيانات ملايين العملاء في الموقع.

وبعد أربع سنوات على الحادثة يقوم القرصان المدعو Peace بعرض بيع قاعدة بيانات تخص ما لا يقل عن 167 مليون حساب على لينكد إن، والتي تمكن من كسر 117 مليون كلمة مرور منها.

 جديد في “لينكد إن” خلال شهرين فقط

والحل الوحيد هنا هو إن لم تقوموا بتغيير كلمة المرور منذ العام 2012، فعليكم تغييرها الآن وبسرعة وعدم اختيار أي من الكلمات السهلة، فمن الأفضل أن تكون مزيج منوع من الكلمات التي تعني لكم شيء أو حتى كلمات أغنية مفضلة لديكم على أن تحتوي على بعض الرموز.

17/05/2016

4 big plans to fix the Internet


Here are several promising security proposals that could make a difference in Internet security. None are holistic solutions, but each could make the Internet a safer place, if they could garner enough support.
1. Get real about traffic routing

The Internet Society, an international nonprofit organization focusing on Internet standards, education, and policy, launched an initiative called MANRS, or Mutually Agreed Norms for Routing Security.

Under MANRS, member network operators — primarily Internet service providers — commit to implementing security controls to ensure incorrect router information doesn’t propagate through their networks. The recommendations, based on existing industry best practices, include defining a clear routing policy, enabling source address validation, and deploying antispoofing filters. A “Best Current Operational Practices” document is in the works.

It’s Networking 101: The data packets have to reach their intended destination, but it also matters what path the packets take. If someone in Canada is trying to access Facebook, his or her traffic shouldn’t have to pass through China before reaching Facebook’s servers. Recently, traffic to IP addresses belonging to the U.S. Marine Corps was temporarily diverted through an ISP in Venezuela. If website traffic isn’t secured with HTTPS, these detours wind up exposing details of user activity to anyone along the unexpected path.

Attackers also hide their originating IP addresses with simple routing tricks. The widely implemented User Datagram Protocol (UDP) is particularly vulnerable to source address spoofing, letting attackers send data packets that appear to originate from another IP address. Distributed denial-of-service attacks and other malicious attacks are hard to trace because attackers send requests with spoofed addresses, and the responses go to the spoofed address, not the actual originating address.

When the attacks are against UDP-based servers such as DNS, multicast DNS, the Network Time Protocol, the Simple Server Discovery Protocol, or the Simple Network Management Protocol, the effects are amplified.

Many ISPs are not aware of different attacks that take advantage of common routing problems. While some routing issues can be chalked up to human error, others are direct attacks, and ISPs need to learn how to recognize potential issues and take steps to fix them. “ISPs have to be more responsible about how they are routing traffic,” Webb says. “A lot of them are susceptible to attack.”

ISOC had nine network operators participating in the voluntary program when it launched in 2014; now there are more than 40. For MANRS to make a difference, it needs to expand so that it can influence the market. ISPs that decide not to bother with the security recommendations may find they lose deals because customers will sign with MANRS-compliant providers. Or smaller ISPs may face pressure from larger upstream providers who refuse to carry their traffic unless they can show they’ve implemented appropriate security measures.

It would be great if MANRS became a de facto standard for all ISPs and network providers, but scattered safe neighborhoods are still good enough. “If you require everyone to do it, it is never going to happen,” Webb says.
2. Strengthen digital certificate auditing and monitoring

There have been many attempts to address the issues with SSL, which protects the majority of online communications. SSL helps identify if a website is the site it claims to be, but if someone tricks a certificate authority (CA) into fraudulently issuing digital certificates for a site, then the trust system breaks down.

Back in 2011, an Iranian attacker breached Dutch CA DigiNotar and issued certificates, including ones for Google, Microsoft, and Facebook. The attacker was able to set up man-in-the-middle attacks with those certificates and intercept traffic for the sites. This attack succeeded because the browsers treated the certificate from DigiNotar as valid despite the fact that the sites had certificates signed by a different CA.

Google’s Certificate Transparency project, an open and public framework for monitoring and auditing SSL certificates, is the latest attempt to solve the man-in-the-middle problem.

When a CA issues a certificate, it’s recorded on the public certificate log, and anyone can query for cryptographic proof to verify a particular certificate. Monitors on servers periodically examine the logs for suspicious certificates, including illegitimate certificates issued incorrectly for a domain and those with unusual certificate extensions.

Monitors are similar to credit reporting services, in that they send alerts regarding malicious certificate usage. Auditors make sure the logs are working correctly and verify a particular certificate appears in the log. A certificate not found in the log is a clear signal to browsers that the site is problematic.

With Certificate Transparency, Google hopes to tackle wrongly issued certificates, maliciously acquired certificates, rogue CAs, and other threats. Google certainly has technology on its side, but it has to convince users that this is the right approach.

DNS-based Authentication of Named Entities (DANE) is another attempt to solve the man-in-the-middle problem with SSL. The DANE protocol reinforces the point that a sound technology solution doesn’t automatically win users. DANE pins SSL sessions to the domain name system’s security layer DNSSEC.

While DANE successfully blocks man-in-the-middle attacks against SSL and other protocols, it is haunted by the specter of state surveillance. DANE relies on DNSSEC, and since governments typically owns DNS for top-level domains, there is concern about trusting federal authorities to run the security layer. Adopting DANE means governments would have the kind of access certificate authorities currently wield — and that makes users understandably uneasy.

Despite any misgivings users may have about trusting Google, the company has moved forward with Certificate Transparency. It even recently launched a parallel service, Google Submariner, which lists certificate authorities that are no longer trusted.
3. Tackle the malware problem once and for all

Almost a decade ago Harvard University’s Berkman Center for Internet & Society launched StopBadware, a joint effort with tech companies such as Google, Mozilla, and PayPal to experiment with strategies to combat malicious software.

In 2010 Harvard spun off the project as a stand-alone nonprofit. StopBadware analyzed badware — malware and spyware alike — to provide removal information and to educate users on how to prevent recurring infections. Users and webmasters can look up URLs, IPs, and ASNs, as well as report malicious URLs. Technology companies, independent security researchers, and academic researchers collaborated with StopBadware to share data about different threats.
4. Reinvent the Internet

Then there’s the idea that the Internet should be replaced with a better, more secure alternative.

Doug Crockford, currently a senior JavaScript architect at PayPal and one of the driving forces behind JSON, has proposed Seif: an open source project that reinvents all aspects of the Internet. He wants to redo transport protocols, redesign the user interface, and throw away passwords. In short, Crockford wants to create a security-focused application platform to transform the Internet.

Seif proposes replacing DNS addressing with a cryptographic key and IP address, HTTP with secure JSON over TCP, and HTML with a JavaScript-based application delivery system based on Node.js and Qt. CSS and DOMs will also go away under Seif. JavaScript, for its part, would remain the key cog in building simpler, more secure Web applications.

Crockford also has an answer for SSL’s reliance on certificate authorities: a mutual authentication scheme based on a public key cryptographic scheme. Details are scarce, but the idea depends on searching for and trusting the organization’s public key instead of trusting a specific CA to issue the certificates correctly.

16/05/2016

Enterprise Security 360 Oberoi-Dubai


#ENSECURITY360

D- Link Easy Voiz PBX DVX-3000

HPE Hyper Converged 250 for Microsoft CPS standard

Comguard Centrify

Fortinet 

Huawei Safe City Summit

ManageEngine

QNAP NAS

Gitex 2017 16-20 OCT 2016

13/05/2016

Gulf Air creates private cloud to support open-source big data engine


Airline is using a private cloud and open-source software to enable it to analyse social media and understand what consumers think about it
Gulf Air has created a private cloud to support a big data engine that will enable it to monitor consumer sentiment about the airline on social media.

Bahrain’s national carrier is using Red Hat Enterprise Linux, Red Hat JBoss Enterprise Application Platform, and Red Hat Storage as a platform for its Arabic Sentiment Analysis system, which monitors people’s comments through their social media posts.

It processes the posts and provides reports on what customers are saying about Gulf Air.

The open-source software meant no licence fees as the airline was able to run it on its existing infrastructure.

Gulf Air, which has 28 aircraft serving 39 cities in 22 countries, has developed a sentiment analysis engine using big data technologies that can address social media posts in both Arabic and English. It is based on an open-source Hadoop big data framework running across servers in Gulf Air’s private cloud environment.

The private cloud encompasses 200 servers running more than 100 core applications and holds more than 50 terabytes of data.

Gulf Air’s IT team also uses this as the basis for a wider analysis of the state of the market and actions taken by the carrier’s competitors.

13/05/2016

Transforming IT from Communism to Capitalism with Software Defined


As many of you likely already know, Interop opened this week in Las Vegas. What you might not know is that it hosted a one-day Software-Defined Architecture Summit that focused on everything from what is software-defined technology to how to manage the migration from hardware- to software-based technology, and everything in between. If you missed the event, don’t worry. You can still get access to the Summit presentations here.

I spoke to one of the Summit’s presenters, Jack Poller, a lab analyst with the Enterprise Strategy Group, and he had an interesting take on how software-defined everything—software-defined networking, storage and data center—is revolutionizing the IT industry or more aptly, transforming IT from Communism to Capitalism.

The way Poller explains it, computers have evolved over time from systems defined by chips—hardware computing—to something now defined by software; in other words, software computing, which is really just virtualization. He further adds that, “This transformation from hardware to software has played out over and over again; first with computer systems, then with storage and networking. Each time, we’ve evolved from viewing the world as based on our hardware architecture and using that to solve a specific problem to a more general view of using a software architecture to solve our problems.”

As that technology evolution occurs, it flips power and control from one group to another. Poller points out that this flip is something that’s occurred throughout history, a recent example of which can be seen in the music industry.

Years ago, musicians made their money off of albums and performed concerts as a way to generate interest in people buying those albums. Today; however, with modern Internet and free music downloads, recorded music is no longer scarce. Instead, what’s become scarce are live musical performances. So now, musicians use their recorded music as a form of promotion to drive consumers to their concerts, and their concerts are where they make money.

As Poller explains, the technology of the Internet inverted the power structure in the music industry. He sees the same thing happening to the IT industry because of software-defined technology. “Computers used to be these big, very complex, very expensive machines, and because they were such capital- and resource-intensive things you ended up with a centralized resource and centralized control structure, which is essentially what communism is. Now, with software-defined technology, there is still a centralized block of resources, but those resources can be divvied out as necessary.”

In other words, as the evolution to software-defined technology takes hold, IT will transform from being the people in control of the resource and defining what it is, to the people who push the authority, responsibility, control, and decision-making regarding the resource down to the people actually using it; those who are closest to the problem they are trying to solve.

Poller suggests thinking of it this way: “Traditionally, IT says the company needs a storage system, we’re going to invest X amount of dollars in the system and it has to meet the needs of most of the company—even though it doesn’t necessarily meet the particular needs of any one group in the company. With software-defined technology, IT can now get a software-defined storage system and build it exactly to the needs of any group in the company.”

This is a critical point, as in the past, the only way to tailor a storage solution to the needs of a particular group was to buy specific storage units to meet those requirements. With software-defined technology, groups can say I need a chunk of storage that has this response time quality or this level of capacity and IT can control that through software. Furthermore, IT can delegate administrative control to the group who needs that property most so they can use it however they want.

By inverting the power and control, software-defined technology is making IT less like Communism and more like Capitalism. And according to Poller, this is a transformation that’s already begun to take place, although as he points out, “It’s just the beginning of the revolution.”

13/05/2016

NEWSPAPER IT EMPLOYEES ‘ANGRY AS HELL’ OVER FOREIGN WORKERS

العاملين في مجال تقنية المعلومات في الصحف والجرائد – الأمريكية بشكل خاص – في خطر داهم بسبب ال Outsourcing في توفير هذه الخدمات عبر القارّات وبكلف لاتكاد تُذكر 
For McClatchy Company IT employees who will lose their jobs once their work is moved to India, there are fury and questions.

As many as 150 IT employees at the chain, which runs some 30 newspapers, will be losing their jobs. (See: “Newspaper chain sending IT jobs overseas.”)

A government form, called the Labor Condition Application (LCA), is being posted on bulletin boards at the offices of various newspapers in the chain. This form alerts workers that at least one H-1B worker is being used.

Photographs of some of these notices, posted at the Miami Herald, one of the newspapers owned by McClatchy, were sent to Computerworld.

Wipro labor condition application

The top part of a Labor Condition Application posted at the office of the Miami Herald.

“The are basically firing me and hiring a foreign worker to do my job at less than half the rate they were paying me,” said one IT employee. “They really couldn’t find American workers to do this job? Seriously? I am angry as hell.”

“I feel the same way the Disney employees must have felt last year when this exact same thing happened to them,” said this IT employee.

On the form an employer must indicate whether they are H-1B dependent. If H-1B workers comprise 15% or more of an employer’s workforce, the employer is classified as “H-1B dependent” by the U.S. government and subject to additional requirements.

H-1B dependent firms are required take “good-faith steps to recruit U.S. workers” and not displace workers. But there’s a loophole. If these employers pay more than $60,000 to a visa holder, or that person has a master’s degree, the nondisplacement provisions do not apply.
A second McClatchy IT employee said it’s difficult to understand how an employer can use foreign workers to send their jobs overseas.

“There is something wrong with the system and the laws that allow these kind of things,” said the second IT worker. “I understand that cutting costs is important for a company in deep trouble like McClatchy, but bringing underpaid workers from India to replace American workers is just crossing the line.”

A McClatchy spokeswoman said the firm would not be commenting.

08/05/2016

InvestBank UAE suffers data breach – a 10GB Zip file has been surfaced online


ITP.net – Published May 8, 2016

According to IBTimes UK, Sharjah-based InvestBank has been hacked.

A 10GB Zip file has surfaced online which holds sensitive financial data on tens of thousands of InvestBank customers. The information includes folders called ‘Account Master’, ‘Customer Master’ and ‘Branch Master’, which allegedly contains spreadsheets, PDF files and images.   

IBTimes UK has reported that one document, titled ‘Cards’ contains almost 20,000 card numbers, and another holds over 3,000 individual bank statements which are watermarked with InvestBank logos. Other files released are ‘Investors’, ‘land documents’ and ‘passports’, with the latter storing scanned ID cards, passports, insurance cards and customer pictures, as well as full passport data of an InvestBank employee.

The news comes after Qatar National Bank confirmed it had been compromised with 1.4GB of sensitive data leaked.

The InvestBank data was uploaded online by a group using the pseudonym ‘Bozkurt Hackers’; many security experts suspect they were also responsible for the QNB breach.

IBTimes UK also said a similar dataset alleging to contain sensitive information from Investbank surfaced last December, as the bank refused to meet the demands from a hacker dubbed ‘Buba’. It is possible that the breach may not be new and could mean the same data has been published but by a separate hacking group.

02/05/2016

QNB being hacked تسريب بيانات عملاء بنك قطر الوطني وكلمات السر الخاصة بهم

26th April 2016

It has been reported that the Qatar National Bank has been breached.

The Register reported that documents claiming to be from Qatar National Bank have surfaced on file-sharing site Global-Files.net, but have since been deleted.

According to whistle-blower firm Cryptome‘s Twitter stream, the leaked document contained more than 15,000 documents detailing over 100,000 accounts with passwords and PINs.

Cryptome is claiming to re-host the files, but have not done so yet.   

الدوحة أول مايو أيار (رويترز) – قال بنك قطر الوطني أكبر بنك في الشرق الأوسط وأفريقيا من حيث الأصول إنه أخذ خطوات فورية كي لا يتكبد عملاؤه خسائر مالية بعد خرق أمني الأسبوع الماضي أسفر عن كشف البيانات الشخصية لآلاف العملاء.

وقال البنك في بيان اليوم الأحد “نود الإشارة إلى أننا حريصون على اتخاذ كافة الإجراءات اللازمة لحماية بيانات عملائنا ونتعاون مع شركات متخصصة ومستقلة ذات خبرة عالمية لفحص كافة الأنظمة والتأكد من عدم وجود أي ثغرات فيها.” وأضاف “نؤكد مرة أخرى أن جميع حسابات عملائنا آمنة تماما.” لكن لم يتضح كيف يعتزم البنك حماية الحسابات التي نشرت بياناتها بما في ذلك أسماء العملاء وكلمات السر الخاصة بهم.

تضمنت البيانات التي يبلغ حجمها 1.5 جيجابايت وثائق تضم تفاصيل خاصة بالبنك وأرقام الهاتف وتواريخ الميلاد للعديد من صحفيي قناة الجزيرة وأفراد من أسرة آل ثاني الحاكمة ومسؤولين عسكريين.

وتتضمن بعض الملفات صورا لأصحاب الحسابات من موقعي فيسبوك ولينكد إن وهي مسألة قد تكون حساسة في دولة محافظة تثمن الخصوصية.

وقال البنك إن الخرق الأمني يستهدف سمعته لا العملاء وإنه لم يشمل إلا جزءا من عملاء البنك فحسب.

ولم يكشف البيان هوية المتسللين.

وقال البنك إن قسما من البيانات قد يكون دقيقا لكن العديد منها “تم دمجها بمعلومات من مصادر أخرى لا تمت بصلة لمجموعة بنك قطر الوطني بما في ذلك بيانات شخصية من شبكات التواصل الاجتماعي.”

وتضمنت نسخة من المحتوى المسرب اطلعت عليها رويترز بيانات خاصة بصفقات أبرمها عملاء البنك أظهرت أيضا عوائد من الخارج ترجع إلى عمليات آخرها في سبتمبر أيلول 2015.

وتضمن أحد الملفات معلومات عما بدا أنها 465 ألفا و437 حسابا في البنك لكن جزءا ضئيلا فحسب من هذه الحسابات تضمن ما يشبه تفاصيل كاملة عن الحساب.

21/04/2016

One million copies of an old movie encoded into DNA by inspecting a vial that contains a few droplets of water  

    

A Technicolor scientist surrounded by the latest virtual reality technology inspects a vial containing a few droplets of water — and one million copies of an old movie encoded into DNA.

The company has come a long way since the Hollywood golden age, when the world gazed in awe at the lush palette of “The Wizard of Oz” and “Gone with the Wind” provided by its three-strip cameras.

DNA Data Storage: Your Genetic Material Is A Hard Drive

Your Face Is Made Of Junk DNA!

DNA is almost unimaginably small — up to 90,000 molecules can fit into the width of one human hair — so even such a large library is totally invisible to the human eye. All you can see is the water in the tube.

“This, we believe, is what the future of movie archiving will look like,” Bolot said.

Scientists have been experimenting with DNA as a potential storage medium for years but recent advances in modern lab equipment have made projects like Technicolor’s a reality.

The company’s work builds on research by scientists at Harvard University, who in 2012 successfully stored 5.5 petabits of data — around 700 terabytes — in a single gram of DNA, smashing the previous DNA data density record by a factor of one thousand.

DNA is a long, coiled molecular “ladder” — the famous double helix structure — comprising four chemical rungs, adenine, cytosine, guanine and thymine, which team up in pairs.

DNA Data Storage Lasts Thousands Of Years

Bolot’s team digitized the “A Trip to the Moon” into data in the form of zeros and 1s in computing’s binary code, and transcribed it into DNA code, which was then turned into molecules, using lab-dish chemicals.

The contents are “read” by sequencing the DNA — as is routinely done today in genetic fingerprinting — and turning it back into computer code.

Converting movies into man-made DNA brings huge advantages, said Bolot, who points out that the archives of every Hollywood studio, currently taking up square kilometers of floor space, could fit into a Lego brick.

Another problem overcome by DNA storage is that the format for reading it doesn’t become obsolete every decade or so, unlike celluloid, VHS, DVD and every other medium in the history of filmmaking.

20/04/2016

Schneider Electric highlights benefits of converged OT and IT

  

Schneider Electric is hosting its fourth ‘Power to the Cloud’ event in Dubai, to showcase the potential of converged operational technology (OT) and information technology (IT) for smart cities.

The event, which is taking place at the the Dubai Convention and Exhibition Centre, highlights how Internet of Things solutions that combine OT and IT will impact in areas such as energy optimization and improve citizen services through analytics, real-time data management and intelligence capabilities. 

The show will is expected to attract over 2,000 industry visitors and around 200 VIPs from across the Middle East, Europe and Africa region. Industry speakers include experts from Schneider and customers including Etisalat, DEWA, Al Futtaim, Movenpick Group, Starwood Hotels and Resorts, and Abu Dhabi Airports.

Saeed Al Tayer, managing director and CEO, Dubai Electricity and Water Authority (DEWA) gave a keynote speech, commented: “This year’s Power to the Cloud comes at a time of rapid infrastructure transformation and economic change. As we strive to become smarter and more connected than ever before, we need to learn to leverage technologies that are eco-friendly.

Today, the convergence of Information Technology (IT) and Operational Technology (OT) makes it possible to increase process efficiency and optimise scarce resources.

This ties in with the UAE Government’s Vision 2021 launched by His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, which emphasises the importance of sustainable development and the preservation of the environment.” 

The event includes a dedicated 5,000 square meter experiential zone which showcases various elements of a smart city for homes, hotels, hospitals, educational institutions and utilities. 

Frédéric Abbal, executive vice-president of Energy Business, Schneider Electric, said: “It is important to create enriching community spaces for inhabitants through digital connection, technologies to simplify life and automation to streamline the businesses. These communities, which collectively form cities, need to be tied together with infrastructure that can accommodate the massively growing populations and their evolving expectations.

Power to the Cloud, now in its fourth year, has greatly developed since its inception in 2012 and illustrates the progress Dubai is making on its evolution into a smart city. Through this educational platform, we hope to bring to light the technologies that will positively impact our living spaces and their environment.

19/04/2016

A massive Google cloud outage this week went largely unnoticed compared to the type of outcry that accompanies downtime for its competitors — and that’s not a good thing.

   
The incident was initially caused by dropped connections when inbound Compute Engine traffic was not routed correctly, as a configuration change around an unused IP block didn’t propagate as it should. Services also dropped for VPNs and L3 network load balancers. Management software’s attempts to revert to previous configuration as a failsafe triggered an unknown bug, removed all IP blocks from the configuration and pushed a new, incomplete configuration.

A second bug prevented a canary step from correcting the push process, so more IP blocks began dropping. Eventually, more than 95% of inbound traffic was lost, which resulted in the 18-minute Google cloud outage that was finally corrected when engineers reverted to the most recent configuration change.

The outage didn’t affect Google App Engine, Google Cloud Storage or internal connections between Compute Engine services and VMs, outbound Internet traffic, and HTTP and HTTPS load balancers.

SearchCloudComputing reached out to a dozen Google cloud customers to see how the outage may have affected them. Several high-profile users who rely heavily on its resources declined to comment or did not respond, while some smaller users said the outage had minimal impact because of how they use Google’s cloud.

Vendasta Technologies, which builds sales and marketing software for media companies, didn’t even notice the Google cloud outage. Vendasta has built-in retry mechanisms and most system usage for the company based in Saskatoon, Sask., happens during normal business hours, said Dale Hopkins, chief architect. In addition, most of Vendasta’s front-end traffic is served through App Engine.

In the five years Vendasta has been using Google’s cloud products, on only one occasion did an outage reach the point where the company had to call customers about it. That high uptime means the company doesn’t spend a lot of time worrying about outages and isn’t too concerned about this latest incident.

“If it’s down, it sucks and it’s a hard thing to explain to customers, but it happens so infrequently that we don’t consider it to be one of our top priorities,” Hopkins said.

For less risk-tolerant enterprises, reticence in trusting the cloud would be more understandable, but most operations teams aren’t able to achieve the level of uptime Google promises inside their own data center, Hopkins said.

Vendasta uses multiple clouds for specific services because they’re cheaper or better, but it hasn’t considered using another cloud platform for redundancy because of the cost and skill sets required to do so, as well as the limitations that come with not being able to take advantage of some of the specific platform optimizations.

All public cloud platforms fail, and it appears Google has learned a lesson on network configuration change testing, said Dave Bartoletti, principal analyst at Forrester Research, in Cambridge, Mass. But this was particularly unfortunate timing, on the heels of last month’s coming-out party for the new enterprise-focused management team at Google Cloud.

“GCP is just now beginning to win over enterprise customers, and while these big firms will certainly love the low-cost approach at the heart of GCP, reliability will matter more in the long run,” Bartoletti said.

10/04/2016

Oracle ZFS Storage Appliance system overview

  
The Oracle ZFS Storage Appliance is designed for mid-tier NAS environments. The line has two products, the ZS3-2 and ZS4-4, that have variable setup options and a wide range of configurations. Oracle ZFS products support mechanical hard disk drives (HDDs) for data, and flash-based solid-state drives (SSDs) for metadata and write acceleration.

The Oracle ZFS Storage ZS3-2 fits up to 184 serial-attached SCSI (SAS) HDDs in capacities of 300 GB, 900 GB and 4 TB, for a maximum 736 TB of storage per single node. Drives are arranged in 24-slot disk shelves. Unlike many NAS arrays, the Oracle ZFS Storage Appliance does not support data SSDs. Instead, Oracle implemented a memory capacity of 1 TB per node, a read flash cache capacity of 12.8 TB and 28 TB of write flash using write accelerators. Write accelerators are drives that store the contents of the ZFS Intent Log (ZIL). Products support 1.6 TB SSDs for the read cache and 300 GB SSDs for the write accelerators.
The ZS3-2 supports up to four write flash accelerators per disk shelf. It can have four or eight 10 Gigabit Ethernet (GbE) Base-T ports depending on configuration. It runs on up to four eight-core Intel Xeon processors, and nodes can be clustered as high as 3.1 PB

The Oracle ZFS Storage ZS4-4 fits up to 544 SAS HDDs in capacities of 900 GB and 4 TB, for a maximum 2.1 PB of storage per single node. Drives are arranged in 24-slot disk enclosures, with support for up to four write accelerators per enclosure. The array can have up to eight 10 GbE Base-T ports, and runs on eight 15-core Intel Xeon processors and up to 3 TB of memory. ZS4-4 nodes can be clustered as high as 6.9 PB.
  
ZIL is an intent logging feature designed to increase data availability on ZFS platforms. Write operations to ZFS Storage drives are atomic, meaning they are either performed completely or not at all. A record of each operation — known as the “intent to perform” — is logged to the ZIL before it occurs. In the event of a power failure, the system will read the intent log to detect which operations were in process when the failure occurred and either revert or redo them. The ZIL is stored on flash-based SSDs, providing faster write performance than if it was written to mechanical HDDs.

In addition to ZIL, the Oracle ZFS Storage Appliance includes software for storage management, monitoring and encryption. The ZFS Storage Software has features such as thin provisioning, monitoring and analytics, support for iSCSI and Fibre Channel interconnects, and replication within local ZFS Storage clusters. Additional software can be licensed separately for remote replication, AES 256-/192-/128-bit encryption and database backup. The ZFS Storage Appliance is tuned to work with Oracle databases, and its software includes the Snap Management Utility for Oracle Database and the Oracle Enterprise Manager Plug-in for Oracle ZFS Storage Appliance.

Pricing for the Oracle ZFS Storage Appliance depends on configuration. Pricing for the ZS3-2 model ranges from $35,600 to $314,600, while the cost of the ZS4-4 is between $135,600 and $988,900. All ZFS Storage products come with a one-year limited hardware warranty with phone support during local business hours. Response times are tiered by severity: Severity 1 has a four-hour response time, Severity 2 has an eight-hour response time and Severity 3 has a next-business-day response. An optional premier warranty provides 24/7 technical support and two-hour on-site support. Oracle’s advanced support package provides further features such as 24/7 monitoring, system installation and support

10/04/2016

Stratasys re-energizes 3D printing with push-button J750 that prints 360,000 colors

  
OtterBox has been using 3D printing to help design its tank-like phone cases for over a decade. But, the biggest leap forward in its rapid prototyping process happened in the past six months. A prototype of one of its multi-colored cases used to take 3 days to print, paint, and finish. Now, it takes 30 minutes with the Stratasys J750, which OtterBox has been beta testing since last fall.

As of Monday, any company can now take advantage of this technology to shorten its product development lifecycle. The J750 is available from Stratasys today and can be ordered from its website. Delivery times will vary based on geography.

To get the exact cost of a J750, you’ll have connect with Stratasys to get the specifics for your company and region, but you’re typically looking at a price tag in the hundreds of thousands of dollars for an industrial-strength rapid prototyping machine like this one.

Stratasys is also the company that owns MakerBot—the manufacturer of the world’s most well-known desktop 3D printers—and we can expect that advances in high-end “additive manufacturing” will also trickle down to consumer 3D printers eventually. My ZDNet colleague Larry Dignan analyzes what the J750 means for the 3D printing market.

The reason that the J750 represents such a breakthrough in 3D printing is that it can print 360,000 colors and a combination of 6 different materials. While there are 3D printers that can now print metal, wood, and even human cells, the J750 remains focused on combining a variety of different plastics to help manufacturers produce prototypes and parts.

By combining multiple materials into its prints, the J750 can achieve a lot of different strengths, textures, and opacities. And, the ability to print so many color combinations without having to change the printer’s configuration has surpassed anything else that has hit the market so far.

It’s a game changer. And, it has industrial designers drooling.

On the first day that the beta version of the J750 arrived at OtterBox last year, the team quickly printed one of their in-progress iPhone cases—just to see how it would look. The reaction was, “Whoa, this looks just like our final part,” said Brycen Smith, engineering technician supervisor. 

How GE is using 3D printing to unleash a revolution in large-scale manufacturing

In 2015, GE inaugurated a new, Multi-Modal manufacturing facility in Chakan, India. If the company’s ambitions for the space are realized, it could drive a massive change in global manufacturing.

For fun, they sent it to their testers to see how well the color matched to the company’s standards for the final product. “It was within our manufacturing tolerances,” said Smith.

“The day we got it in, one of our product development directors said, ‘Can we get 2?” he added.

05/04/2016

You don’t have to be in management to succeed in business

  
Many a company founder has gladly relinquished the title of President or CEO to be a Chairman or a CTO or simply, a founder. What these individuals had in common was a love for innovation and for the ability to keep innovating and doing. They didn’t see the daily life of company administration, or interacting with boards, stakeholders and analysts, as particularly satisfying—nor did they want to be managing projects or product launches. However, because of their ability to innovate and create, they enjoyed rewarding and highly lucrative careers.

The bottom line? You don’t have to be in management to succeed in business.

These words continue to hold true even if you are not a skilled innovator, but are instead highly skilled in a discipline that your company regards as critical to its success. In the IT world, for example, there are data architects and scientists who start as new hires with six-figure salaries. There is similar recognition for the finely honed skills of engineers, application developers, and security analysts.

That’s important to know because business schools and companies continue to instill the idea that the path to success and monetary gain is through management. This is the ideology that compels those who are technically gifted to try to remake themselves so they can fit into positions that do not naturally line up with their talents. On the flip side, it is also the impetus behind the conversations that go on in technical expert cubicles about management spending time away at seminars so it can practice buzzwords.

The reality is that management and technical expert positions can be mutually exclusive because they require different skillsets. Managers, if they concentrate on technical problem solving, will neglect the most important parts of their jobs, like keeping their departments running, delivering on key business strategies, and ensuring funding so those strategies can be carried out. Technical experts and innovators deliver the value of what a department or a company offers through their genius and technology skills.

There are still companies and individuals who do not understand the importance of this dual-pronged approach to work. The refreshing news is that more organizations are starting to understand this idea. The way that they are showing it is by creating dual promotion ladders—one for management and one for technical contributors. Salaries between the two are commensurate.
This gives innovators and technical geniuses a career path, and it enables them to follow their natural bent—knowing that they can also obtain stock options, bonuses, high salaries, and corporate recognition.
Most importantly, it enables these individuals to be themselves—and to shine at what they do best.
The takeaways if you are a technical innovator or expert with absolutely no desire to manage people, politics, or budgets are to:
Develop your technical skillsets and/or talents in a particular area of need.

Find (or create) an organization that respects these skills and that will reward reward them.

Be the best at what you do.

Several years ago, I had lunch with a IT acquaintance who had been a database and application innovator for years, but who was routinely passed over whenever a management position came up. In his mid-forties, he realized that he would likely never advance in the company—which he felt had to be done by getting into management. One year later, he had gotten together with a few other highly developed techie friends and had founded his own company. Now in his core zone of excellence, he was abundantly happy, except for one thing—company growth now demanded that he had to hire a manager—which he was more than happy to d

Follow

Get every new post delivered to your Inbox.

Join 295 other followers